CVE-2024-21527 - OpenCVE

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src="\\localhost/etc/passwd">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system. Workaround An alternative is using either or both --chromium-deny-list and --chromium-allow-list flags.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356
https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794
https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-07-19T05:00:04.457Z

Updated: 2024-09-05T13:26:11.327Z

Reserved: 2023-12-22T12:33:20.122Z

Link: CVE-2024-21527

Vulnrichment

Updated: 2024-08-01T22:27:34.824Z

NVD

Status : Awaiting Analysis

Published: 2024-07-19T05:15:10.053

Modified: 2024-07-19T13:01:44.567

Link: CVE-2024-21527

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21527", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-12-22T12:33:20.122Z", "datePublished": "2024-07-19T05:00:04.457Z", "dateUpdated": "2024-09-05T13:26:11.327Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P"}}], "credits": [{"value": "Filip Ochnik", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-side Request Forgery (SSRF)", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-09-05T13:26:11.327Z"}, "descriptions": [{"value": "Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src=\"\\\\localhost/etc/passwd\">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system.\r\r Workaround\rAn alternative is using either or both --chromium-deny-list and --chromium-allow-list flags.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081"}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082"}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083"}, {"url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0"}, {"url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794"}, {"url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356"}], "affected": [{"product": "github.com/gotenberg/gotenberg/v8/pkg/gotenberg", "versions": [{"version": "0", "lessThan": "8.1.0", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}, {"product": "github.com/gotenberg/gotenberg/v8/pkg/modules/chromium", "versions": [{"version": "0", "lessThan": "8.1.0", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}, {"product": "github.com/gotenberg/gotenberg/v8/pkg/modules/webhook", "versions": [{"version": "0", "lessThan": "8.1.0", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"affected": [{"vendor": "gotenberg", "product": "gotenberg", "cpes": ["cpe:2.3:a:gotenberg:gotenberg:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.1.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T14:34:36.236052Z", "id": "CVE-2024-21527", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:35:48.752Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:34.824Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083", "tags": ["x_transferred"]}, {"url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0", "tags": ["x_transferred"]}, {"url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083", "tags": ["x_transferred"]}, {"url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0", "tags": ["x_transferred"]}, {"url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:34.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21527", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T14:34:36.236052Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gotenberg:gotenberg:*:*:*:*:*:*:*:*"], "vendor": "gotenberg", "product": "gotenberg", "versions": [{"status": "affected", "version": "0", "lessThan": "8.1.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:35:41.651Z"}}], "cna": {"credits": [{"lang": "en", "value": "Filip Ochnik"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "github.com/gotenberg/gotenberg/v8/pkg/gotenberg", "versions": [{"status": "affected", "version": "0", "lessThan": "8.1.0", "versionType": "semver"}]}, {"vendor": "n/a", "product": "github.com/gotenberg/gotenberg/v8/pkg/modules/chromium", "versions": [{"status": "affected", "version": "0", "lessThan": "8.1.0", "versionType": "semver"}]}, {"vendor": "n/a", "product": "github.com/gotenberg/gotenberg/v8/pkg/modules/webhook", "versions": [{"status": "affected", "version": "0", "lessThan": "8.1.0", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081"}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082"}, {"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083"}, {"url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0"}, {"url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794"}, {"url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356"}], "descriptions": [{"lang": "en", "value": "Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src=\"\\\\localhost/etc/passwd\">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system.\r\r Workaround\rAn alternative is using either or both --chromium-deny-list and --chromium-allow-list flags."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "Server-side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-09-05T13:26:11.327Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21527", "state": "PUBLISHED", "dateUpdated": "2024-09-05T13:26:11.327Z", "dateReserved": "2023-12-22T12:33:20.122Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2024-07-19T05:00:04.457Z", "assignerShortName": "snyk"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src=\"\\\\localhost/etc/passwd\">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system.\r\r Workaround\rAn alternative is using either or both --chromium-deny-list and --chromium-allow-list flags."}, {"lang": "es", "value": "Versiones del paquete github.com/gotenberg/gotenberg/v8/pkg/gotenberg anteriores a 8.1.0; versiones del paquete github.com/gotenberg/gotenberg/v8/pkg/modules/chromium anteriores a 8.1.0; Las versiones del paquete github.com/gotenberg/gotenberg/v8/pkg/modules/webhook anteriores a 8.1.0 son vulnerables a la Server Side Request Forgery (SSRF) a trav\u00e9s del endpoint /convert/html cuando se realiza una solicitud a un archivo a trav\u00e9s de localhost, como . Al explotar esta vulnerabilidad, un atacante puede lograr la inclusi\u00f3n de archivos locales, permitiendo la lectura de archivos confidenciales en el sistema host. Workaround una alternativa es utilizar uno o ambos indicadores --chromium-deny-list y --chromium-allow-list."}], "id": "CVE-2024-21527", "lastModified": "2024-07-19T13:01:44.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2024-07-19T05:15:10.053", "references": [{"source": "report@snyk.io", "url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356"}, {"source": "report@snyk.io", "url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794"}, {"source": "report@snyk.io", "url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "report@snyk.io", "type": "Secondary"}]}